Almost all of the 20 U.S. state government-run health insurance marketplaces shared residents’ application information with advertising and tech giants like Google and TikTok, according to a new investigation by Bloomberg.

The report highlights the privacy risks posed by pixel tracking tools used in digital advertising. Websites that handle sensitive content can inadvertently collect personal data if misconfigured. In some cases, this included details such as race and whether residents had incarcerated family members.

Although Washington D.C.’s health insurance exchange has paused its use of TikTok’s tracker after revealing the exchange was sharing ZIP codes with the company, Virginia removed a similar Meta tracker from its website following similar revelations. This is not an isolated issue; previous incidents have affected telehealth startups and major healthcare providers.

More than seven million Americans purchased health insurance through these exchanges this year. The scale of data sharing raises serious privacy concerns about how government websites handle personal information, especially in a highly sensitive context like healthcare applications.